vundo, mydoom, and all sorts of other crap [CLOSED]

#16 juanroman (Topic Starter)

Hi again, here are the logs:

OTMoveIt2 log:


Explorer killed successfully
File/Folder C:\Documents and Settings\Dorian\Local Settings\Temp\~osE4.tmp not found.
File/Folder c:\windows\system32\ossproxy.exe not found.
File/Folder C:\Documents and Settings\Dorian\Local Settings\Temp\~os3C.tmp not found.
File/Folder C:\Documents and Settings\Dorian\Local Settings\Temp\~os62.tmp not found.
File/Folder C:\Documents and Settings\Dorian\Local Settings\Temp\~osB7.tmp not found.
File/Folder C:\Documents and Settings\Dorian\Local Settings\Temp\~os2D.tmp not found.
File/Folder C:\Documents and Settings\Fabian\Local Settings\Temp\~osB.tmp not found.
File/Folder C:\Documents and Settings\Fabian\Local Settings\Temp\~osA.tmp not found.
C:\WINDOWS\system32\mmc.exe moved successfully.
File/Folder C:\WINDOWS\system32\rnsdxyua.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osE4.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osE4.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\\windows\\system32\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\\windows\\system32\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os3C.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os3C.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os62.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os62.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osB7.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osB7.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osB.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osB.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\WINDOWS\\system32\\mmc.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\WINDOWS\\system32\\mmc.exe not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\WINDOWS\\system32\\rnsdxyua.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\\WINDOWS\\system32\\rnsdxyua.exe not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DF8BE2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DF8C06.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DFB6F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DFE173.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DFE1F2.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08042008_183509

Files moved on Reboot...
File C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DF8BE2.tmp not found!
File C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DF8C06.tmp not found!
C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DFB6F.tmp moved successfully.
File C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DFE173.tmp not found!
File C:\DOCUME~1\Fabian\LOCALS~1\Temp\~DFE1F2.tmp not found!

******************************************



Deckard's System Scanner v20071014.68
Run by Fabian on 2008-08-04 18:45:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-08-05 00:45:38 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-08-03 16:51:10 UTC - RP4 - System Checkpoint
3: 2008-08-01 00:32:29 UTC - RP3 - System Checkpoint
2: 2008-07-28 23:26:55 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-27 15:41:48 UTC - RP1 - System Checkpoint


Percentage of Memory in Use: 89% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Fabian.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45, on 08-08-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\Perfigo\SmartEnforcer\SmartEnforcer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Fabian\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Fabian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utexas.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O4 - Global Startup: SmartEnforcer.lnk = C:\Program Files\Perfigo\SmartEnforcer\SmartEnforcer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093322966375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159331252625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8723 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
R4 black - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>

S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlackICE - "c:\program files\iss\isssensors\desktopprotection\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems Inc. blackd>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 RapApp - "c:\program files\iss\isssensors\desktopprotection\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems, Inc. Rap Protection System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 664)
2007-10-06 11:06:20 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 3108)
2006-12-20 11:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-01 08:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-01 08:40:23 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-27 10:39:48 0 d-------- C:\Program Files\Trend Micro
2008-07-27 09:51:10 0 d-------- C:\Documents and Settings\Fabian\Application Data\Malwarebytes
2008-07-27 09:51:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 09:51:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 16:34:15 94150 --a------ C:\WINDOWS\system32\drivers\867178bd.sys
2008-07-04 18:55:33 0 d-------- C:\Doomsday


-- Find3M Report ---------------------------------------------------------------

2008-08-04 18:41:55 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-26 19:45:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-15 00:09:17 0 d-------- C:\Program Files\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04-03-04 15:29]
"nwiz"="nwiz.exe" [04-03-04 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [04-03-04 15:29]
"nForce Tray Options"="sstray.exe" [03-09-03 23:25 C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [03-06-04 16:01 C:\WINDOWS\zHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01-07-10 08:50]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [04-03-12 20:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04-06-09 18:31]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04-07-07 17:29]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [03-06-08 01:32]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04-08-03 19:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-05-18 06:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06-04-03 17:12]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [07-01-01 15:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [08-02-22 04:25]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-01-19 12:54]

C:\Documents and Settings\Fabian\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [05-10-20 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [05-09-23 22:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07-10-06 11:06 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-08-04 18:47:06 ------------



extra log:




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 447.48 MiB / 65.07 MiB
Pagefile Memory (total/avail): 1056.45 MiB / 685.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.02 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 90.06 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus Corporate Edition v9.0.1.1000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade 1.4"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe:*:Enabled:LimeWire: The most advanced file sharing program on the planet."
"C:\\Program Files\\Age of Empires II\\empires2.exe"="C:\\Program Files\\Age of Empires II\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Roller Coaster Tycoon 2\\rct2.exe"="C:\\Program Files\\Roller Coaster Tycoon 2\\rct2.exe:*:Enabled:rct2"
"C:\\Program Files\\Quake II\\Quake II\\QUAKE2.EXE"="C:\\Program Files\\Quake II\\Quake II\\QUAKE2.EXE:*:Enabled:QUAKE2"
"C:\\Program Files\\Halo\\halo.exe"="C:\\Program Files\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Doom 3\\Doom3Ded.exe"="C:\\Program Files\\Doom 3\\Doom3Ded.exe:*:Enabled:DOOM 3"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osE4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osE4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\windows\\system32\\ossproxy.exe"="c:\\windows\\system32\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os3C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os3C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os62.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os62.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osB7.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osB7.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osB.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osB.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Team17\\Worms Armageddon\\WA.exe"="C:\\Program Files\\Team17\\Worms Armageddon\\WA.exe:*:Disabled:Worms Armageddon"
"C:\\Program Files\\Team17\\Worms Armageddon\\Landgen.exe"="C:\\Program Files\\Team17\\Worms Armageddon\\Landgen.exe:*:Disabled:Landgen"
"C:\\Q3Ademo\\quake3.exe"="C:\\Q3Ademo\\quake3.exe:*:Disabled:quake3"
"C:\\Program Files\\Team Arena Demo\\taquake3.exe"="C:\\Program Files\\Team Arena Demo\\taquake3.exe:*:Disabled:taquake3"
"C:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\ZDaemon\\zlauncher.exe"="C:\\Program Files\\ZDaemon\\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\\Program Files\\ZDaemon\\zdaemon.exe"="C:\\Program Files\\ZDaemon\\zdaemon.exe:*:Enabled:ZDaemon"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"c:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe"="c:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Heretic II\\Heretic2.exe"="C:\\Program Files\\Heretic II\\Heretic2.exe:*:Enabled:Heretic2"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Age of Empires II\\age2_x1.exe"="C:\\Program Files\\Age of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\WINDOWS\\system32\\rnsdxyua.exe"="C:\\WINDOWS\\system32\\rns"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Fabian\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DORIAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Fabian
LOGONSERVER=\\DORIAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\VDMSound\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Fabian\LOCALS~1\Temp
TMP=C:\DOCUME~1\Fabian\LOCALS~1\Temp
USERDOMAIN=DORIAN
USERNAME=Fabian
USERPROFILE=C:\Documents and Settings\Fabian
VDMSPath=C:\Program Files\VDMSound\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dorian (admin)
Fabian (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\ossproxy.exe -bootremove -uninst:RelevantKnowledge
--> C:\WINDOWS\system32\ossproxy.exe -bootremove -uninst:RelevantKnowledge
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Anvil Studio --> C:\WINDOWS\ST5UNST.EXE -n "c:\Program Files\Music Software\Anvilstudio\ST5UNST.LOG"
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Battlecraft 1942 --> C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlecraft 1942\irunin.ini"
Battlecraft Vietnam --> C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlecraft Vietnam\irunin.ini"
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
Battlefield Mod Development Toolkit 2.0 Beta --> C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield Mod Development Toolkit\MDT.ini"
Battlefield Vietnam™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Battlefield Vietnam: WW2 Mod --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F989306B-9287-444F-AE73-E30C7E4AF0F5}\setup.exe" -l0x9
BFV Command and Control Server Manager - BFVCC --> C:\WINDOWS\iun6002.exe "C:\Program Files\BFVCC Server Manager\irunin.ini"
Byteswarm LiveUpdate 2.1.0.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Byteswarm\LiveUpdate\irunin.ini"
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Commandos 2: Men of Courage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\setup.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CompuServe --> C:\Program Files\Common Files\csshare\csunins_us.exe
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
Doomsday Engine 1.9.0-beta5 --> C:\Doomsday\unins000.exe
eMachines Bay Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Gorilla 2 --> C:\Program Files\Gorillas\uninstall.exe
Heretic II --> C:\PROGRA~1\HERETI~1\UNINST~1\UNINST~1.EXE C:\Program Files\Heretic II\uninstall\Heretic II.log
Heretic II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Heretic II\H2Uninst.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
intelliScore Polyphonic Demo --> C:\Program Files\Music Software\Intelliscore\Uninstal.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveTvNetwork Auto codec Installer --> C:\Program Files\LiveTvNetwork Auto codec Installer\Uninstal.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maniac Mansion Deluxe --> C:\PROGRAM FILES\MANIAC MANSION DELUXE\Uninstal.exe
Mario Forever --> C:\Program Files\Mario Forever\Odinstaluj.exe
Master Levels of Doom --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9160
Microsoft Age of Empires Gold --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Premium 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA nForce Drivers --> C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PHDWin Version 2.75 --> MsiExec.exe /I{6BF50728-E4E4-4A2F-A2D3-424AA81C952A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster for Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
PunkBuster for Battlefield Vietnam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
Quake III Team Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\Q3TA.isu"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Risk II --> "C:\Program Files\Risk II\ReflexiveArcade\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SimCity 4 --> C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
SmartEnforcer --> MsiExec.exe /X{F0F19AFA-DE43-41A8-9CA7-45D06F2A1133}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sonic Foundry ACID 4.0 --> MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
Space Synthesizer 1.1b --> "C:\Program Files\SpaceSynthesizer\uninst\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Theme Hospital --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TI NoteFolio Creator --> MsiExec.exe /I{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}
VDMSound 2.0.4 --> MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VirSyn --> C:\PROGRA~1\SYNTHE~1\STEINB~1\VirSyn\UNWISE.EXE C:\PROGRA~1\SYNTHE~1\STEINB~1\VirSyn\INSTALL.LOG
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WarZone Client --> C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Related --> Rundll32.exe C:\WINDOWS\lbbho.dll,Uninst
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Worms Armageddon --> C:\PROGRA~1\Team17\WORMSA~1\UNWISE.EXE C:\PROGRA~1\Team17\WORMSA~1\INSTALL.LOG
x264 Revision 564 x264.nl (remove only) --> "C:\Program Files\x264\x264-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type13100 / Success
Event Submitted/Written: 08/04/2008 06:43:39 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13090 / Success
Event Submitted/Written: 08/04/2008 06:30:11 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13078 / Success
Event Submitted/Written: 08/03/2008 05:55:02 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13066 / Success
Event Submitted/Written: 08/03/2008 07:57:19 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13045 / Success
Event Submitted/Written: 08/02/2008 09:37:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type60319 / Warning
Event Submitted/Written: 08/04/2008 06:42:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60293 / Warning
Event Submitted/Written: 08/04/2008 06:27:11 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60276 / Warning
Event Submitted/Written: 08/03/2008 10:14:37 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60271 / Warning
Event Submitted/Written: 08/03/2008 03:19:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type60247 / Warning
Event Submitted/Written: 08/03/2008 07:56:24 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-08-04 18:47:06 ------------


let me know thanks

#17
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please uninstall these programs from your computer..

AVG Anti-Spyware 7.5
Viewpoint Media Player





NEXT


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




NEXT


Please save this instruction in a Notepad as we will enter Safe Mode..

Please reboot into Safe Mode


In Safe Mode, please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Dorian\Local Settings\Temp\~osE4.tmp
    c:\windows\system32\ossproxy.exe
    C:\Documents and Settings\Dorian\Local Settings\Temp\~os3C.tmp
    C:\Documents and Settings\Dorian\Local Settings\Temp\~os62.tmp
    C:\Documents and Settings\Dorian\Local Settings\Temp\~osB7.tmp
    C:\Documents and Settings\Dorian\Local Settings\Temp\~os2D.tmp
    C:\Documents and Settings\Fabian\Local Settings\Temp\~osB.tmp
    C:\Documents and Settings\Fabian\Local Settings\Temp\~osA.tmp
    C:\WINDOWS\system32\mmc.exe
    c:\Documents and Settings\Fabian\Local Settings\Temp\~os9.tmp
    C:\WINDOWS\system32\rnsdxyua.exe
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Still in Safe Mode,

Please copy and paste the following into a Notepad

REGEDIT4

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osE4.tmp\\ossproxy.exe"=-
"c:\\windows\\system32\\ossproxy.exe"=-
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os3C.tmp\\ossproxy.exe"=-
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os62.tmp\\ossproxy.exe"=-
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~osB7.tmp\\ossproxy.exe"=-
"C:\\Documents and Settings\\Dorian\\Local Settings\\Temp\\~os2D.tmp\\ossproxy.exe"=-
"C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osB.tmp\\ossproxy.exe"=-
"C:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe"=-
"C:\\WINDOWS\\system32\\mmc.exe"=-
"c:\\Documents and Settings\\Fabian\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe"=-
"C:\\WINDOWS\\system32\\rnsdxyua.exe"=-

Save it to the desktop as Fix.reg and, under Save as type, choose All Files

A new registry file will then be created on your desktop.

Just double-click the file and choose Yes at prompt.

If you are not sure how to make a registry file, please visit HERE for the tutorial.




NEXT


Please reboot into Normal Mode and do this..

Please go to Start >> Run >> and copy/paste below into the box >> Press Enter

"%userprofile%\desktop\dss.exe" /config


At DSS configuration box, press Check All button and then press Scan!

DO NOT tick the Backup Registry Hives option.

UNTICK the Temp Cleanup option.

After that please post the main.txt and extra.txt here




Please post the following logs in your next reply..

1. OTMoveIt2
2. A fresh DSS log (both main.txt and extra.txt)
3. Tell me about your computer behaviour


Regards
fenzodahl512
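As an added illustration of what the Fix.reg above does (this is not code from the thread or from the helper): a small Python parser that reads Windows Firewall AuthorizedApplications export lines like those in the DSS log, flags entries a reviewer would question (an exception living under a Temp folder, or a value that does not parse as path:scope:state:name, like the truncated rnsdxyua.exe entry), and emits the matching REGEDIT4 "=-" deletion lines. The sample lines are constructed to resemble the export; the user name and the ~os*.tmp path in them are assumptions, and the heuristics are mine, not the helper's exact selection.

```python
"""Flag suspicious Windows Firewall exceptions in a registry export and
build the REGEDIT4 text that deletes them (added example, not from the thread)."""
import re

KEY = (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess"
       r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# One export line: "<escaped path>"="<path>:<scope>:<Enabled|Disabled>:<name>"
LINE_RE = re.compile(r'^"(?P<key>(?:[^"\\]|\\.)*)"="(?P<val>.*)"$')
# The value is colon-separated, but the drive letter also carries a colon,
# so anchor on the scope/state fields instead of splitting blindly.
VAL_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$")
# Locations where a legitimate firewall exception should not live.
TEMP_RE = re.compile(r"\\(Local Settings\\Temp|Temp|Temporary Internet Files)\\", re.I)


def parse_entry(line):
    """Return (key_path, value_match_or_None), or None if not an entry line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    unescape = lambda s: s.replace("\\\\", "\\")   # export doubles backslashes
    return unescape(m.group("key")), VAL_RE.match(unescape(m.group("val")))


def assess(line):
    """Return the reasons an entry looks suspicious (empty list = looks fine)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    path, val = parsed
    reasons = []
    if val is None:
        reasons.append("malformed value (expected path:scope:state:name)")
    elif val.group("path").lower() != path.lower():
        reasons.append("value path does not match key path")
    if TEMP_RE.search(path):
        reasons.append("exception points into a Temp directory")
    return reasons


def removal_reg(lines):
    """Build REGEDIT4 text that deletes every flagged entry (the '=-' form)."""
    out = ["REGEDIT4", "", "[" + KEY + "]"]
    for line in lines:
        if assess(line):
            path = parse_entry(line)[0]
            out.append('"%s"=-' % path.replace("\\", "\\\\"))  # re-escape for .reg
    return "\n".join(out) + "\n"


# Constructed sample lines in the export format (user name and tmp path assumed).
SAMPLE = [
    r'"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"',
    r'"C:\\Documents and Settings\\User\\Local Settings\\Temp\\~osAB.tmp\\ossproxy.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\~osAB.tmp\\ossproxy.exe:*:Enabled:ossproxy"',
    r'"C:\\WINDOWS\\system32\\rnsdxyua.exe"="C:\\WINDOWS\\system32\\rns"',
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(parse_entry(s)[0], "->", assess(s) or "ok")
    print(removal_reg(SAMPLE))
```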

#18
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.